From c4c9e314d3098ee3f2759cdac28fe1b059067a82 Mon Sep 17 00:00:00 2001
From: mike
Date: Mon, 28 Jul 2025 05:51:47 +0000
Subject: [PATCH] Add readme.md

---
 readme.md | 100 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 100 insertions(+)
 create mode 100644 readme.md

diff --git a/readme.md b/readme.md
new file mode 100644
index 0000000..5dbee56
--- /dev/null
+++ b/readme.md
@@ -0,0 +1,100 @@ +# setup-auto-updates.sh + +A cross-compatible shell script for enabling unattended automatic updates on Debian and Ubuntu systems. +Designed for clean, predictable configuration using modern `Origins-Pattern` syntax. +Includes dry-run validation and systemd timer setup when supported. + +--- + +**Version:** 2025-07-28 +**License:** MIT + +--- + +## Features + +- Detects Debian or Ubuntu and applies best-practice configuration +- Configures `unattended-upgrades` to install regular and security updates automatically +- Clears legacy `Allowed-Origins` and uses clean `Origins-Pattern` format +- Supports both traditional and deb822-style APT sources +- Enables systemd timers (`apt-daily.timer` and `apt-daily-upgrade.timer`) when available +- Configures daily update checks, weekly autoclean, and auto-reboot at 4:00 AM if needed +- Includes a dry-run validation with basic error detection +- Prompts to delete the script after successful execution + +## Compatibility + +- **Debian**: Bookworm, Trixie, and newer +- **Ubuntu**: Noble (24.04 LTS) and newer +- Should be safe on any modern system with `unattended-upgrades` and `apt` + +## What It Does + +- Installs `unattended-upgrades` if missing +- Writes a new `/etc/apt/apt.conf.d/50unattended-upgrades` using a robust and portable structure +- Enables APT periodic updates via `/etc/apt/apt.conf.d/20auto-upgrades` +- Enables systemd timers if `systemctl` is available +- Does **not** run any updates itself or reboot your system directly + +## Example Output + +``` +[INFO] Unattended-upgrades configurator (Debian/Ubuntu) +[INFO] Detected OS: Debian GNU/Linux 12 (bookworm) +[INFO] Updating APT cache… +[INFO] Installing unattended-upgrades… +[INFO] Validating unattended-upgrades with a dry run… +Allowed origins are: origin=Debian,archive=bookworm, origin=Debian,archive=bookworm-updates, ... +[INFO] Timers: +Mon 2025-07-28 06:40:14 MDT ... apt-daily-upgrade.timer +Mon 2025-07-28 10:51:12 MDT ... 
apt-daily.timer +[OK] Unattended updates configured. Regular + security updates will apply automatically; reboot at 04:00 if needed. +``` + +## Usage + +```bash +sudo ./setup-auto-updates.sh +``` + +- Must be run as root +- Prompts to delete itself after successful configuration if run interactively + +## Customization + +To change the default reboot time: + +```bash +sudo REBOOT_TIME="03:30" ./setup-auto-updates.sh +``` + +To run without dry-run validation (not recommended), you can comment out or modify the `validate_with_dryrun()` function. + +## Notes + +- If APT is locked by another process, the script waits up to 3 minutes before proceeding +- Dry-run validation logs are saved to `/tmp/unattended-upgrades-dryrun.*` +- The script confirms presence of `systemctl` before enabling timers +- Automatically overwrites existing configuration files with no backup: + - `/etc/apt/apt.conf.d/50unattended-upgrades` + - `/etc/apt/apt.conf.d/20auto-upgrades` + +## Self-Delete Behavior + +At the end of the script, a prompt asks if you'd like to remove the `.sh` file that was just executed. +This helps keep systems tidy after one-time provisioning. + +## Limitations + +- Does not configure granular package exclusions or holds +- Will not trigger updates or reboots itself; configuration only +- Does not install `powermgmt-base`, so power-check warnings may appear on laptops +- Not compatible with non-Debian distributions (e.g., Fedora, Arch) + +## License + +MIT License – use freely, modify as needed, no warranties. + +--- + +Created and maintained by a privacy-conscious, security-oriented Linux sysadmin. \ No newline at end of file
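
Review bot: The warning that the script overwrites `/etc/apt/apt.conf.d/50unattended-upgrades` and `/etc/apt/apt.conf.d/20auto-upgrades` "with no backup" sits in the Notes section, well below Usage, so a reader who stops at `sudo ./setup-auto-updates.sh` never sees it. Move it into Usage or What It Does, and say what happens to existing local settings in those files, since Limitations states the script does not configure package exclusions or holds and an admin may already have some. Two smaller points in the same hunk: Customization documents `REBOOT_TIME` but not whether automatic reboot can be turned off, which matters because Features enables auto-reboot at 4:00 AM by default; and the Notes line about `/tmp/unattended-upgrades-dryrun.*` should state how that file is created and with what permissions, since the script must run as root and writes into a world-writable directory. The file also ends without a trailing newline.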